Опубликовано: 01 мар. 2024
Источник: github
Github: Прошло ревью
CVSS4: 5.3
CVSS3: 6.5
Описание
Bagist Cross-site Scripting vulnerability
Bagisto is vulnerable to cross-site scripting (XSS) via png file upload vulnerability in product review option.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-27499
- https://github.com/bagisto/bagisto/pull/9474
- https://github.com/bagisto/bagisto/commit/b01bfc5fab3933a132380f36cb2e9670d2310baf
- https://github.com/Ek-Saini/security/blob/main/xss-bagisto-v1.5.1
- https://github.com/auspicious7/Vulnerability-Discover/blob/main/CVE-2024-27499_bagisto-V-1.5.1
Пакеты
Наименование
bagisto/bagisto
composer
Затронутые версииВерсия исправления
< 2.1.0
2.1.0
Связанные уязвимости
CVSS3: 6.5
nvd
почти 2 года назад
Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.